One big con is that the mqtt user name and password can be sniffed and used to connect to the cloud. But that’s easy solvable, if they don’t speak right, disconnect them and force password change.

Secure Firmware upgrades

Only local and only user initiated, user must see and check the result of the upgrade – Any other option introduces big risk for the system and the user.

Data – What to protect and what not?

It’s well know that all encryption is value versus time. So do you really want to hide what was the temperature at your house 5 minutes ago? – May be, if you are paranoid, but you definitely want to lock the access to your internet enabled door locks.

So all the actuators must be crypto protected – they do things. While sensors can be divided into two types – sensitive and non-sensitive. For example – house alarm state is sensitive, just like house human presence . But the outdoor temperature is not sensitive, you can get it N+1 ways.

I’ve soldered the headers, with chip on top – looked natural. But the GPIO silkscreen markings got hidden at the bottom of the module – i think it’s better for development to have them on top, shorted out text is OK.

There are two rows left on both sides of the the breadboard.

So, let’s see what the extra flash is good for.

SSL – Is SSL the right solution for #IoT?

FOTA – What about the FOTA upgrades security?

Going down the rabbit hole it seems that the MOST important and hard part of a IoT implementation is to get the security right. So the extra flash will present an opportunity to test to some ideas on how to do it. And we need it for the service we are building – it’s just vital to have and to have it right.